Instrumental founder and CEO Anna Katrina Shedletsky, who is using her experience as an Apple product design engineer to bring AI to manufacturing. Photo: Leander Kahney/Cult of Mac

Despite Apple’s denials, it’s “highly plausible” that secret spy chips could have been planted on the company’s servers, said a former Apple hardware engineer.

Anna-Katrina Shedletsky, who spent nearly six years at Apple helping build several generations of iPod, iPhone and Apple Watch, said spy chips could have been slipped into the design of servers used for Apple’s iCloud services, as alleged in a Bloomberg Businessweek story.

“With my knowledge of hardware design, it’s entirely plausible to me,” she said. “It’s very highly plausible to me, and that’s scary if you think about it.”

According to Bloomberg Businessweek, Chinese spies surreptitiously placed tiny chips on machines made by Super Micro, one of the world’s biggest server manufacturers. The chips spied on the servers’ operations — and reported the information to the Chinese military.

Apple said the story is “wrong and misinformed.” Amazon said “there are so many inaccuracies in ‎this article as it relates to Amazon that they’re hard to count.”

Conflicting claims about Chinese spy chips

Shedletsky is a former Apple product design engineer. She spent years working with Chinese companies like Foxconn, designing and building the manufacturing lines for dozens of Apple products. She used her extensive knowledge of supply chains to launch her own Silicon Valley startup, Instrumental. The company uses machine learning to help manufacturers identify and fix problems on their assembly lines.

Shedletsky said she has no insider knowledge about the Chinese spy chip situation currently making headlines. Like a lot of people, she feels conflicted about the story.

On the one hand, Bloomberg Businessweek is a highly respected journalistic organization. Plus, the story seems deeply reported. The magazine says it spent a year researching the story, conducting more than 100 interviews with 17 sources who independently confirmed the report.

Apple’s and Amazon’s unusual denials are clear and highly detailed. Both companies refute the Bloomberg Businessweek story in its entirety, and many of its details specifically. Apple never released a statement like this before.

So what to believe?

Shedletsky said she found the story believable. She said it would be trivially easy for the Chinese military to sneak spy chips into products — probably even easier than detailed by Bloomberg Businessweek.

There are usually hundreds or thousands of components on a server’s main logic board, Shedletsky said. That makes it very difficult to check each and every component. In addition, companies often outsource the design of products — in whole or in part — to manufacturing partners. That means they sometimes have little idea what specific components have been used. Sneaking in a spy chip would be relatively simple.

Even if a company does its own design work, components can easily be substituted for cheaper ones or, as in the Chinese spying allegations, for unauthorized chips.

Shedletsky said counterfeiting of chips and other electronic components remains a big problem in electronics supply chains. Contractors sometimes swap in cheaper counterfeit chips to boost profits. Sometimes they do it unknowingly. She sees it a lot with the companies she works with, both big and small.

One company she worked with only realized dodgy components made their way into its product when the devices’ batteries started smoking.

Instrumental uses AI to ID counterfeit parts

Apologizing for plugging her own company, Shedletsky noted that Instrumental’s process makes it very easy to “track and trace” counterfeit or unauthorized components. The AI-based system uses high-resolution cameras to monitor production lines. The system easily spots any changes on a motherboard. Then, it can very quickly perform a search of all the boards that contained anomalies. Most other manufacturing processes can’t do this, she said.

Shedletsky said there are likely hundreds, if not thousands, of Super Micro customers checking their servers to see if they are compromised.

“Even if it didn’t happen, we now have got to have a solution for this kind of problem, because someone will now do it 100 percent,” she said.